DOCSLIB.ORG

Privacy at Google

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Privacy at Google Privacy at Google Contents Introduction 2 Google’s privacy principles: Transparency and user choice 3 Putting principles into practice 5 Search 5 Strengthening Google’s privacy practices 8 Why Google stores data 10 Personalization 12 Targeted advertising 16 Other Google products 18 Helping to protect users 21 Frequently asked questions 23 Glossary 27 Appendix 29 Introduction As the information age becomes a reality for increasing numbers of people globally, the technologies that underpin it are getting more sophisticated and useful. The opportunities are immense. For individuals, a quantum leap forward in their ability to communicate and create, speak and be heard; for national economies, accelerated growth and innovation. However, these technological advances do sometimes make it feel as if our lives are now an open book. Credit cards record where we shop and what we buy. Mobile phones track our every movement. Emails leave a trail of who we ‘talk’ to, and what we say. And blogs, video sharing sites and social networks make it possible to share almost anything (photos, home movies, one’s innermost thoughts) with almost anyone. That’s why Google believes it’s so important to have clear privacy policies - policies that are based on the principles of transparency and choice. Our users deserve to know what information is being collected and stored, and why, so that they can make informed decisions about the Google services they use. We hope that this booklet will help you better understand what Google is doing to protect our users’ privacy and to help raise standards across the industry. Peter Fleischer Global Privacy Counsel 2 Google’s privacy principles: Transparency and user choice All of us now trust companies with information online that is personal or sensitive. But it’s sometimes difficult to work out exactly what information these organizations collect, or how they use it. For a start, most privacy policies are long, complicated documents that are hard to understand. And technology is changing all the time. That’s why Google believes it’s critical to be transparent about our approach to privacy and to give users meaningful control – we want people to understand what data we store and why, so that they can make informed decisions about the services they use. Transparency and user choice are the principles on which all Google’s privacy policies are based. Google designs products to put the user in control We build privacy protections into our services from the ground up. Take Web History for example, a sign-in feature which allows users to look back over sites they have visited or searched for in the past. If people don’t want particular entries stored they can delete them. Or Google Talk, our instant messaging service. If users want their conversations to be “off the record,” all they have to do is click a button. None of Google’s products use personal data unless fully disclosed in a privacy policy Privacy policies are legal documents that provide people with notice about the information companies collect, and obtain their consent to its use. Personal data is information that relates to a particular identifiable individual. At Google we aim to write our privacy policies in clear, simple language Google tries to keep our privacy policies as short and simple as possible – with a one page summary at the top, followed by more detail underneath for users who are interested. To read our privacy policies go to http://www.google.com/privacy. In addition Google is experimenting with privacy videos to help inform users about what we do and why: just visit http://www.youtube.com/googleprivacy to see them all. 3 We always ask people actively to opt in to services that use their sensitive data Sensitive data is information about a person’s health, sexual orientation or political beliefs, for example. So for a product like Gmail – which may store sensitive personal data contained in people’s email – we always ask users to opt in to the storage of sensitive data in the service by opening an account. 4 Putting principles into practice Search Search - the ability to deliver relevant information on any topic to anyone, anywhere, instantly - is at the heart of what Google does. Today millions of people globally use our search engine. But what happens when people type their query into that box on our homepage – and what data, if any, do we store about that search? Data retention practices Let’s take a simple search like cars. When someone types the word “cars” into our search engine, the request gets sent from that user’s computer over the Internet to our computers, which look for the right search results. Once our computers have found the results, they send these results back to the user’s computer – again via the Internet. All this takes milliseconds. This is the information that Google keeps: the search query (i.e., “cars”), the time and date it was typed, the IP address and cookie of the computer it was entered from, and its browser type and operating system. Like almost all websites, we keep these records in our logs. Here’s what a typical log entry at Google looks like: 123.45.67.89 - 25/Mar/2007 10:15:32 - http://www.google.com/search?q=cars - Firefox 2.0.0.7; Windows NT 5.1 - 740674ce2123e969. But what does this all mean? 5 IP addresses: 123.45.67.89 is the IP address assigned to the user’s computer by his or her service provider. An IP address is a number assigned to each individual computer. When a user searches on Google, we use his computer’s IP address to ensure that we get the right results back to the right computer. It’s important to remember that IP addresses don’t say exactly where an individual user is, or who they are. In fact, some Internet Service Providers (ISPs) give users a different IP address every time they log onto the web. At best, all Google can tell about a user from his computer’s IP address is that user’s general location (for example London), and possibly the ISP they use to connect to the Internet. Only the ISP (who actually controls the user’s account), can match an individual with an IP address. Time and date: 25/Mar/2007 10:15:32 is the date and time the user typed the query into Google. Search query: http://www.google.com/search?q=cars is the search query, in this specific case “cars.” Browsers and operating systems: Firefox 2.0.0.7; Windows NT 5.1 is the browser and operating system being used. A browser - like Internet Explorer, Mozilla Firefox, Safari or Opera - is the software that enables computers to access the web. An operating system - like Windows - is the software that manages a user’s computer. Cookies: 740674ce2123a969 is the unique cookie ID assigned to a computer the first time a user visits Google. A cookie is, a cookie is a small file that gets stored on a user’s computer; it looks like a lot of numbers, letters and symbols strung together. Like an IP address, a cookie doesn’t tell Google who a user actually is or where they live - it only identifies a computer. A user can delete cookies at any time through the cookie-control panel in his computer’s browser, as explained in detail below. A cookie records users’ 6 preferences, for example whether a user wants his results in English or French, or if he wants to use a SafeSearch filter. 7 Strengthening Google’s privacy practices Time limits on data retention While none of the data Google stores in its search logs identifies individuals personally, it can sometimes have personal elements, because it involves specific queries. For example, if a user runs a search on her own name and city, that search query reveals more information about a user than our prior example of a search for “cars.” That’s why earlier this year Google decided to delete the last two digits from the IP addresses and alter the cookie numbers in our logs permanently after 18 months. This breaks the link between the search query and the computer it was entered from. It’s similar to the way in which credit card receipts replace digits with hash marks to improve customer security. Here is what an IP address will look like in our logs after 18 months: 123.45.67.XX. After the same time period, the cookie will be replaced by a newly-generated cookie number. Google was the first search engine to place time limits on the retention of logs data and we’re pleased that others in the industry have followed our lead. Time limits on cookies In addition Google has decided to limit the lifetime of its cookies. When we originally designed them, we set our cookies to expire well into the future - 2038, to be exact - because their primary purpose was to preserve people’s preferences, not to allow them to be forgotten. But Google now plans to start issuing cookies that auto-expire after two years - unless they belong to someone who uses our services regularly, in which case the cookie will automatically renew itself. In other words, people who do not return to Google will have their cookies deleted after two years, while those who use the service regularly will have a cookie renewed for two years from the point that they use our services, and consequently will not lose their preferences. 8 Google has always allowed people to use its services without cookies (though this may mean losing the use of some features or functions of particular products).
Load more

Recommended publications
  • A Visualization on What's Changing Google Accounts Help
    Google Accounts Help About the conversion: A visualization on what's changing Google offers different types of accounts to different types of users. Until recently, we offered two primary types of accounts that were completely separate services: Google Accounts Provide access to all Google products and services, such as Gmail, Blogger, Orkut, and Web History. Can be created with any email address, such as the email address you have with your organization, or with any webmail address (@yahoo.com, @hotmail.com, etc.). Signing up for Gmail automatically creates a Google Account with that address. Google Apps Accounts Issued and managed by and used with your @my-domain.com organization. Provide access to only Gmail, Calendar, Docs, Sites, Groups, and Video. Before the transition Google Accounts Google Apps accounts Example accounts: [email protected] Example accounts: [email protected] [email protected] [email protected] [email protected] Sample of products on Google Accounts: Only 6 products on Google Apps accounts: However, we recently transitioned Google Apps accounts so you can use your @my-domain.com address to access the same Google products and services that Google Accounts holders can. Your Google Apps Account is now a Google Account. Conflicting accounts If you've used other Google products outside of the ones you can access with your Google Apps account such as Picasa, Reader, or AdWords, you've already created a conflicting Google Account. If you used your Google Apps email address to sign up for and use those other Google services, you now have two Google Accounts, with the same address.
    [Show full text]
  • EPIC Google FTC Complaint
    Before the Federal Trade Commission Washington, DC 20580 In the Matter of ) ) Google, Inc. and ) Cloud Computing Services ) ________________________________ ) Complaint and Request for Injunction, Request for Investigation and for Other Relief SUMMARY OF COMPLAINT 1. This complaint concerns privacy and security risks associated with the provision of “Cloud Computing Services” by Google, Inc. to American consumers, businesses, and federal agencies of the United States government. Recent reports indicate that Google does not adequately safeguard the confidential information that it obtains. Given the previous opinions of the Federal Trade Commission regarding the obligation of service providers to ensure security, EPIC hereby petitions the Federal Trade Commission to open an investigation into Google’s Cloud Computing Services, to determine the adequacy of the privacy and security safeguards, to assess the representations made by the firm regarding these services, to determine whether the firm has engaged in unfair and/or deceptive trade practices, and to take any such measures as are necessary, including to enjoin Google from offering such services until safeguards are verifiably established. Such action by the Commission is necessary to ensure the safety and security of information submitted to Google by American consumers, American businesses, and American federal agencies. PARTIES 1. The Electronic Privacy Information Center (“EPIC”) is a public interest research organization incorporated in Washington, DC. EPIC’s activities include the review of government and private sector policies and practices to determine their impact on the privacy interests of the American public. Among its other activities, EPIC initiated the complaint to the FTC regarding Microsoft Passport in which the Commission subsequently required Microsoft to implement a comprehensive information security program for 1 Passport and similar services.1 EPIC also filed the complaint with the Commission regarding databroker ChoicePoint, Inc.
    [Show full text]
  • Google Apps: an Introduction to Picasa
    [Not for Circulation] Google Apps: An Introduction to Picasa This document provides an introduction to using Picasa, a free application provided by Google. With Picasa, users are able to add, organize, edit, and share their personal photos, utilizing 1 GB of free space. In order to use Picasa, users need to create a Google Account. Creating a Google Account To create a Google Account, 1. Go to http://www.google.com/. 2. At the top of the screen, select “Gmail”. 3. On the Gmail homepage, click on the right of the screen on the button that is labeled “Create an account”. 4. In order to create an account, you will be asked to fill out information, including choosing a Login name which will serve as your [email protected], as well as a password. After completing all the information, click “I accept. Create my account.” at the bottom of the page. 5. After you successfully fill out all required information, your account will be created. Click on the “Show me my account” button which will direct you to your Gmail homepage. Downloading Picasa To download Picasa, go http://picasa.google.com. 1. Select Download Picasa. 2. Select Save File. Information Technology Services, UIS 1 [Not for Circulation] 3. Click on the downloaded file, and select Run. 4. Follow the installation procedures to complete the installation of Picasa on your computer. When finished, you will be directed to a new screen. Click Get Started with Picasa Web Albums. Importing Pictures Photos can be uploaded into Picasa a variety of ways, all of them very simple to use.
    [Show full text]
  • Overtaking Google Desktop Leveraging XSS to Raise Havoc
    Overtaking Google Desktop Leveraging XSS to Raise Havoc Yair Amit Senior Security Researcher, Watchfire [email protected] 6th OWASP +972-9-9586077 ext 4039 AppSec Conference Copyright © 2007 - The OWASP Foundation Milan - May 2007 Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/ The OWASP Foundation http://www.owasp.org / Presentation Outline Background Google Desktop Overview Overtaking Google Desktop – Step by Step Impact What harm can a malicious attacker do? Attack characteristics Lessons learned Q&A 6th OWASP AppSec Conference – Milan – May 2007 2 Background XSS The most widespread web-application vulnerability WASC Web Application Security Statistics Project (http://www.webappsec.org/projects/statistics/ ) Used to be perceived as an identity theft attack XSS has so much more to offer. It has teeth! Change settings and steal data from attacked victim account Web worms (Samy) What we are about to see… Stealth attack Sensitive information theft from the local computer Command execution 6th OWASP AppSec Conference – Milan – May 2007 3 Google Desktop - Overview Purpose: provide an easily to use and powerful search capability on local and other personal content Some traits: Runs a local web-server for interaction (port 4664) Google.com like interface Uses a service to run the indexing User interface is almost purely web Preferences control what to index, and indexing can be broad Office documents, media files, web history cache, chat sessions, etc. Easily extendible Special integration with Google.com 6th OWASP AppSec Conference – Milan – May 2007 4 Google Desktop Security Mechanisms Web server only accessible from localhost Not available from network 6th OWASP AppSec Conference – Milan – May 2007 5 Google Desktop Protection Mechanism (cont.) The main threats are XSS and XSRF attacks.
    [Show full text]
  • In the Common Pleas Court Delaware County, Ohio Civil Division
    IN THE COMMON PLEAS COURT DELAWARE COUNTY, OHIO CIVIL DIVISION STATE OF OHIO ex rel. DAVE YOST, OHIO ATTORNEY GENERAL, Case No. 21 CV H________________ 30 East Broad St. Columbus, OH 43215 Plaintiff, JUDGE ___________________ v. GOOGLE LLC 1600 Amphitheatre Parkway COMPLAINT FOR Mountain View, CA 94043 DECLARATORY JUDGMENT AND INJUNCTIVE RELIEF Also Serve: Google LLC c/o Corporation Service Co. 50 W. Broad St., Ste. 1330 Columbus OH 43215 Defendant. Plaintiff, the State of Ohio, by and through its Attorney General, Dave Yost, (hereinafter “Ohio” or “the State”), upon personal knowledge as to its own acts and beliefs, and upon information and belief as to all matters based upon the investigation by counsel, brings this action seeking declaratory and injunctive relief against Google LLC (“Google” or “Defendant”), alleges as follows: I. INTRODUCTION The vast majority of Ohioans use the internet. And nearly all of those who do use Google Search. Google is so ubiquitous that its name has become a verb. A person does not have to sign a contract, buy a specific device, or pay a fee to use Good Search. Google provides its CLERK OF COURTS - DELAWARE COUNTY, OH - COMMON PLEAS COURT 21 CV H 06 0274 - SCHUCK, JAMES P. FILED: 06/08/2021 09:05 AM search services indiscriminately to the public. To use Google Search, all you have to do is type, click and wait. Primarily, users seek “organic search results”, which, per Google’s website, “[a] free listing in Google Search that appears because it's relevant to someone’s search terms.” In lieu of charging a fee, Google collects user data, which it monetizes in various ways—primarily via selling targeted advertisements.
    [Show full text]
  • Getting Started with Google Cloud Platform
    Harvard AP275 Computational Design of Materials Spring 2018 Boris Kozinsky Getting started with Google Cloud Platform A virtual machine image containing Python3 and compiled LAMMPS and Quantum Espresso codes are available for our course on the Google Cloud Platform (GCP). Below are instructions on how to get access and start using these resources. Request a coupon code: Google has generously granted a number of free credits for using GCP Compute Engines. Here is the URL you will need to access in order to request a Google Cloud Platform coupon. You will be asked to provide your school email address and name. An email will be sent to you to confirm these details before a coupon code is sent to you. Student Coupon Retrieval Link • You will be asked for a name and email address, which needs to match the domain (@harvard.edu or @mit.edu). A confirmation email will be sent to you with a coupon code. • You can only request ONE code per unique email address. If you run out of computational resources, Google will grant more coupons! If you don’t have a Gmail account, please get one. Harvard is a subscriber to G Suite, so access should work with your @g.harvard.edu email and these were added already to the GCP project. If you prefer to use your personal Gmail login, send it to me. Once you have your google account, you can log in and go to the website below to redeem the coupon. This will allow you to set up your GCP billing account.
    [Show full text]
  • Paper #5: Google Mobile
    Yale University Thurmantap Arnold Project Digital Platform Theories of Harm Paper Series: 5 Google’s Anticompetitive Practices in Mobile: Creating Monopolies to Sustain a Monopoly May 2020 David Bassali Adam Kinkley Katie Ning Jackson Skeen Table of Contents I. Introduction 3 II. The Vicious Circle: Google’s Creation and Maintenance of its Android Monopoly 5 A. The Relationship Between Android and Google Search 7 B. Contractual Restrictions to Android Usage 8 1. Anti-Fragmentation Agreements 8 2. Mobile Application Distribution Agreements 9 C. Google’s AFAs and MADAs Stifle Competition by Foreclosing Rivals 12 1. Tying Google Apps to GMS Android 14 2. Tying GMS Android and Google Apps to Google Search 18 3. Tying GMS Apps Together 20 III. Google Further Entrenches its Mobile Search Monopoly Through Exclusive Dealing22 A. Google’s Exclusive Dealing is Anticompetitive 25 IV. Google’s Acquisition of Waze Further Forecloses Competition 26 A. Google’s Acquisition of Waze is Anticompetitive 29 V. Google’s Anticompetitive Actions Harm Consumers 31 VI. Google’s Counterarguments are Inadequate 37 A. Google Android 37 B. Google’s Exclusive Contracts 39 C. Google’s Acquisition of Waze 40 VII. Legal Analysis 41 A. Google Android 41 1. Possession of Monopoly Power in a Relevant Market 42 2. Willful Acquisition or Maintenance of Monopoly Power 43 a) Tying 44 b) Bundling 46 B. Google’s Exclusive Dealing 46 1. Market Definition 47 2. Foreclosure of Competition 48 3. Duration and Terminability of the Agreement 49 4. Evidence of Anticompetitive Intent 50 5. Offsetting Procompetitive Justifications 51 C. Google’s Acquisition of Waze 52 1.
    [Show full text]
  • Digital Media Asset Management and Sharing
    Digital Media Asset Management and Sharing Introduction Digital media is one of the fastest growing areas on the internet. According to a market study by Informa Telecoms & Media conducted in 2012, the global 1. online video market only, will reach $37 billion in 2017¹. Other common media OTT Video Revenue Forecasts, types include images, music, and digital documents. One driving force for this 2011-2017, by Informa Telecoms phenomena growth is the popularity of feature rich mobile devices2, equipped & Media, with higher resolution cameras, bigger screens, and faster data connections. November 2012. This has led to a massive increase in media content production and con- sumption. Another driving force is the trend among many social networks to 2. incorporate media sharing as a core feature in their systems². Meanwhile, Key trends and Takeaways in Digital numerous startup companies are trying to build their own niche areas in Media Market, this market. by Abhay Paliwal, March 2012. This paper will use an example scenario to provide a technical deep-dive on how to use Google Cloud Platform to build a digital media asset management and sharing system. Example Scenario - Photofeed Photofeed, a fictitious start-up company, is interested in building a photo sharing application that allows users to upload and share photos with each other. This application also includes a social aspect and allows people to post comments about photos. Photofeed’s product team believes that in order for them to be competitive in this space, users must be able to upload, view, and edit photos quickly, securely and with great user experiences.
    [Show full text]
  • Youtube Com Request Desktop Site
    Youtube Com Request Desktop Site Lorenzo vent his performers blemishes favorably, but bidirectional Matthieu never invigilate so mutationally. transilluminateGunner remains some guileful schiller after or Hasheem rambling happen traverse. first-class or desulphurize any quickies. Phasic Jay usually To follow and boost which finds the request desktop site layout It off and request the youtube videos would otherwise approved by this is a means for inserting your own. Firefox mobile won't play youtube video on background. Besides that desktop site view under the request a desktop version since we will. Get started playing. If desktop site uses cookies. It with youtube desktop site you. When the youtube desktop site option to do you load the page and creators get it starts playing in the video plays. How can request desktop site can render everything. Live stream key new replies are not spam you request desktop sites. Create a desktop sites too long before the request desktop site view on almost any way down the app, but we can access desktop version of? Next time we and trying new module in requesting a smaller since been expanded to? You will now, and play youtube channel. Despite enabling the desktop sites are disabled. Thanks for desktop site, the youtube title and enable desktop screen experience will lead to fully load the facebook app to fix the amount of? You request desktop site starts loading, family or meeting. You are a user profile icon and that tablets, perform regular http. Get things done within a solution is a domain you want to watch history, while you find yourself wondering how to use it works a little.
    [Show full text]
  • Jon Leibowitz, Chairman J. Thomas Rosch Edith Ramirez Julie Brill
    102 3136 UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION COMMISSIONERS: Jon Leibowitz, Chairman J. Thomas Rosch Edith Ramirez Julie Brill ____________________________________ ) In the Matter of ) ) GOOGLE INC., ) a corporation. ) DOCKET NO. C-4336 ____________________________________) COMPLAINT The Federal Trade Commission, having reason to believe that Google Inc. (“Google” or “respondent”), a corporation, has violated the Federal Trade Commission Act (“FTC Act”), and it appearing to the Commission that this proceeding is in the public interest, alleges: 1. Respondent Google is a Delaware corporation with its principal office or place of business at 1600 Amphitheatre Parkway, Mountain View, CA 94043. 2. The acts and practices of respondent as alleged in this complaint have been in or affecting commerce, as “commerce” is defined in Section 4 of the FTC Act. RESPONDENT’S BUSINESS PRACTICES 3. Google is a technology company best known for its web-based search engine, which provides free search results to consumers. Google also provides various free web products to consumers, including its widely used web-based email service, Gmail, which has been available since April 2004. Among other things, Gmail allows consumers to send and receive emails, chat with other users through Google’s instant messaging service, Google Chat, and store email messages, contact lists, and other information on Google’s servers. 4. Google’s free web products for consumers also include: Google Reader, which allows users to subscribe to, read, and share content online; Picasa, which allows users to edit, post, and share digital photos; and Blogger, Google’s weblog publishing tool that allows users to share text, photos, and video.
    [Show full text]
  • Chrome Request Desktop Site Not Working
    Chrome Request Desktop Site Not Working Is Allan always androdioecious and furzy when patronages some tidies very lifelessly and octagonally? Unanalyzable Patrik relives, his emulsoid knee anthropomorphising alee. Wilt often fine-tunes Malaprop when effluvial Ed bushwhacks head-on and disembarrass her fornicators. The website is caught in the google chrome firefox and android phone. There remain many different browser apps in Android market. After every relevant binary is executed, Google Update uploads statistics on the actions that were performed. How change request desktop version of a Web site in Chrome for Android. When compared to site not chrome working or storage and. It has fixed all sorts of problems with Chrome. You can enable desktop view but you are still getting a mobile version. URL in extra background. Hope that works for you! Opening a site not work actually works. If you sync your browsing history bring a sync passphrase, this forecast also contains a temporary authentication token tied to your Google account shall provide better protections to some users whose face may be one attack. Please extract a smaller file and iron again. How To Load on desktop websites permanently in Chrome. Using the Zoom Chrome Extension Zoom Help Center. However, entity can see more of the widow without some being concealed by other cards. How do these enable desktop running on Google Chrome? Note that integral mode having not protect you use example, how the computer you are using is infected by a keylogger that records what character type. Just not work for desktop site requests to chrome works on android phone is.
    [Show full text]
  • Google Apps for Desktop Download How to Add a Google Shortcut on Your Desktop
    google apps for desktop download How to Add a Google Shortcut on Your Desktop. This article was written by Jack Lloyd. Jack Lloyd is a Technology Writer and Editor for wikiHow. He has over two years of experience writing and editing technology-related articles. He is technology enthusiast and an English teacher. The wikiHow Tech Team also followed the article's instructions and verified that they work. This article has been viewed 80,695 times. This wikiHow teaches you how to create a desktop shortcut to Google's search page in the Chrome, Firefox, Internet Explorer, and Safari web browsers. You cannot create a desktop shortcut while using Microsoft Edge. Google retires Chrome App Launcher for Windows, here’s how to launch Google apps from Desktop. Google announced that it discontinued its Chrome App Launcher for Windows Desktop. The program will also be discontinued from Mac, but it will remain as a standard feature of Google’s own Chrome OS. Google’s precise reason for retiring the Chrome App Launcher from Windows and Mac has to do with users opening apps directly from the browser: “We’ve found that users on Windows, Mac, and Linux prefer to launch their apps from within Chrome,” Chrome engineering director Marc Pawliger explains in [a new post to the Chromium blog](Marc Pawliger). “With Chrome’s continued emphasis on simplicity and streamlining browser features, the launcher will be removed from those platforms. It will remain unchanged on Chrome OS.” As Thurrott points out, it is possible that most users are not even aware of the fact that they’re able to run their Google apps directly from the desktop.
    [Show full text]